def testMetricFilterAndAlarmExistForS3PolicyChanges(self):
    """Check that every trail is monitored for S3 policy changes.

    The messages reference "Recommendation: 3.8". A trail fails when it
    has no CloudWatch log group, or when
    LogMetricFilterSet.s3PolicyChangeFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined. Recommendation: 3.8")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.s3PolicyChangeFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for S3 policy changes: %s. Recommendation: 3.8'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)
def testMetricFilterAndAlarmExistForConsoleAuthFailure(self):
    """Check that every trail is monitored for console auth failures.

    The messages reference "Recommendation: 3.6". A trail fails when it
    has no CloudWatch log group, or when
    LogMetricFilterSet.consoleAuthFailureFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined. Recommendation: 3.6")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.consoleAuthFailureFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for web console auth failures: %s. Recommendation: 3.6'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)
def testMetricFilterAndAlarmExistForRootLogin(self):
    """Check that every trail is monitored for root logins.

    The messages reference "Recommendation: 3.3". A trail fails when it
    has no CloudWatch log group, or when
    LogMetricFilterSet.rootLoginFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined. Recommendation: 3.3")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.rootLoginFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for root login: %s. Recommendation: 3.3'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)
def testMetricFilterAndAlarmExistForLoginWithoutMfa(self):
    """Check that every trail is monitored for console logins without MFA.

    The messages reference "Recommendation: 3.2". A trail fails when it
    has no CloudWatch log group, or when
    LogMetricFilterSet.loginWithoutMfaFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined. Recommendation: 3.2")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.loginWithoutMfaFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for web console login without MFA: %s. Recommendation: 3.2'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)
def testMetricFilterAndAlarmExistForUnauthorizedApiCalls(self):
    """Check that every trail is monitored for unauthorized API calls.

    The messages reference "Recommendation: 3.1". A trail fails when it
    has no CloudWatch log group, or when
    LogMetricFilterSet.unauthorizedApiCallFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined. Recommendation: 3.1")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.unauthorizedApiCallFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for unauthorized API calls: %s. Recommendation: 3.1'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)
def testMetricFilterAndAlarmExistForNetworkGatewayChanges(self):
    """Check that every trail is monitored for network gateway changes.

    A trail fails when it has no CloudWatch log group, or when
    LogMetricFilterSet.networkGatewayChangeFilterAlarmOrSubscriberNotDefined()
    returns a truthy value for the log group's metric filters. The test
    also fails outright when no trails are returned at all.
    """
    # NOTE(review): unlike the sibling checks in this file, neither message
    # here carries a "Recommendation: N" reference; confirm which benchmark
    # item this check maps to before adding one.
    trails = self._getTrails()
    self.assertNotEqual([], trails, "No trails defined.")

    unmonitored = []
    for trail in trails:
        logGroup = trail.cloudWatchLogGroup
        if logGroup is None:
            # Without a log group there is nothing to look metric filters
            # up on, so the trail is counted as unmonitored.
            unmonitored.append(trail)
            continue

        # NOTE(review): CloudWatchLogs() is built without arguments; confirm
        # it queries the account/region that owns this log group.
        response = CloudWatchLogs().getMetricFilters(logGroup)
        filterSet = LogMetricFilterSet(response['metricFilters'])
        if filterSet.networkGatewayChangeFilterAlarmOrSubscriberNotDefined():
            unmonitored.append(trail)

    failureMessage = (
        'Trail(s) without alarms for network gateway changes: %s.'
        % self._trails(unmonitored))
    self.assertEqual([], unmonitored, failureMessage)